Changes for page SSH tunnel
Last modified by Jan Rhebergen on 2023/01/04 15:57
From version 2.1
edited by Jan Rhebergen
on 2022/12/29 13:56
Change comment:
There is no comment for this version
To version 5.1
edited by Jan Rhebergen
on 2023/01/04 15:57
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
Page properties
Content
... ... @@ -31,7 +31,7 @@ 31 31 #JBR first make sure account on dashy exists (see step 2) 32 32 ssh-copy-id autotunnel@dashy}}} 33 33 34 -This installs the ##autossh## program, adds the ##autotunnel## user which will **not** have a default login shell. To still be able to execute commands as ##autotunnel## we have to specify a shell to execute, i.e. ##/bin/bash##. This enables us to generate the keys and copy them to the middleman server ##dashy##. The ##ssh-copy-id## command copies the most recent ##id_*.pub## file. As of recent the ##ed25519## is considered safest (and quick). **NB:** the ##autotunnel## account password needs to be known (temporarily set) see step 2. **NB:** The last command of step 2 can only be executed when step 2 below has been completed! Also temporarily enable logins using a password by setting ##PasswordAuthentication yes## in the ##/etc/ssh/sshd_config## file. 34 +This installs the ##autossh## program, adds the ##autotunnel## user which will **not** have a default login shell. To still be able to execute commands as ##autotunnel## we have to specify a shell to execute, i.e. ##/bin/bash##. This enables us to generate the keys and copy them to the middleman server ##dashy##. The ##ssh-copy-id## command copies the most recent ##id_*.pub## file. As of recent the ##ed25519## is considered safest (and quick). **NB:** the ##autotunnel## account password needs to be known (temporarily set) see step 2. **NB:** The last command of step 2 can only be executed when step 2 below has been completed! Also temporarily enable logins using a password by setting ##PasswordAuthentication yes## in the ##/etc/ssh/sshd_config## file and restart the daemon (don't forget to restore original setitngs and restart again). 35 35 36 36 **step 3** 37 37 ... ... 
@@ -91,9 +91,12 @@ 91 91 This should generate some output on the restricted client due to the ##-vvv## option we supplied. When this indeed is the case just quit and commence with the following actual test. 92 92 93 93 (% class="box" %) 94 -{{{ssh -p 8082 localhost}}} 94 +{{{ssh -p 8082 localhost 95 +#JBR or alternatively for instance: 96 +ssh -p 8082 jan@localhost 97 +}}} 95 95 96 -This should log you in on the restricted host. If you need to supply a password it means you did not copy your own public keys or the permission of the ##authorized_keys## file in set incorrectly. These keys are different (personal) public keys that you should have on your home pc/laptop account. Again this should generate respective verbose output on the restricted host. When succesful you can logout on the middle man host and also stop the ##autossh## running on the restricted host. 99 +This should log you in on the restricted host. If you need to supply a password it means you did not copy your own public keys or the permission of the ##authorized_keys## file in set incorrectly. These keys are different (personal) public keys that you should have on your home pc/laptop account. Again this should generate respective verbose output on the restricted host. When succesful you can logout on the middle man host and also stop the ##autossh## running on the restricted host. If you cannot login from an outside host (not localhost) it might be because the provider that hosts your middle man server has a firewall that need to be adjusted (i.e. amazon, oracle, etc). 97 97 98 98 == Automation and persistence == 99 99
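Review bot: in the first hunk (@@ -31,7 +31,7 @@) the added "restart the daemon" instruction means the restricted host accepts password logins for the whole interval between the two sshd restarts, and the only reminder to undo that is a parenthetical at the end of a long paragraph (with a typo, "setitngs"). Make the rollback an explicit step of its own: set ##PasswordAuthentication no## again, verify the file with `sshd -t`, then restart sshd, so it is not skipped. Better still, avoid the password window altogether by appending the ##autotunnel## public key to ##authorized_keys## on ##dashy## over an already working key-based login instead of running ##ssh-copy-id## with a temporary password. The unchanged sentence "The last command of step 2 can only be executed when step 2 below has been completed" also seems to mean the last command above (##ssh-copy-id##), not a command of step 2; worth rewording while this paragraph is being touched.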
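Review bot: in the second hunk (@@ -91,9 +91,12 @@) the added alternative `ssh -p 8082 jan@localhost` hardcodes a personal username; use a placeholder such as `ssh -p 8082 <your-user>@localhost` so readers do not copy "jan" literally. The new firewall sentence should say what "adjusted" means: once the provider firewall passes port 8082 from outside, the forwarded port on the middle man host is the public entry point to the restricted host, so the rule should be limited to the source addresses you actually connect from rather than opened to everyone, and the restricted host should be back on ##PasswordAuthentication no## (see the step 2 change) before that rule is added. Minor grammar in the same paragraph: "that need to be adjusted" should be "that needs to be adjusted", "succesful" should be "successful", and "the permission of the ##authorized_keys## file in set incorrectly" should read "is set incorrectly".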